LinkBack URL
About LinkBacks
What is the correct way to write this query if you're trying to write a login script that verifies BOTH the username and password, this seemed logically, but did not work.
SELECT username,password FROM Users WHERE username = '$username' AND password='$password'
Could anyone tell me how to rewrite please? So that is requires both the username and password to be correct before it logs you in.
Results 1 to 7 of 7
Thread: [Mysql] Help
- 14 Jun. 2010 05:01am #1
[Mysql] Help Last edited by HTML; 14 Jun. 2010 at 05:11am.
- 14 Jun. 2010 02:00pm #2
You need to get the row that contains the username (assuming usernames must be unique). Then call the password column and compare the inputed password with the password that's in the column. In other words, the query should only call the row that has a certain username, and AFTER that you check to see if the password matches. That's my thought at least.
- 14 Jun. 2010 02:06pm #3
Example please? Edit:: Oh snap, got it work, thanks bro.
Last edited by HTML; 14 Jun. 2010 at 02:25pm.
- 14 Jun. 2010 02:18pm #4 That looks right. Took example from PHP MySQL Where Clause and edited a few things.Code:
<?php $con = mysql_connect("localhost","peter","abc123"); $username = "riddle"; $password = "1234"; if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("my_db", $con); $result = mysql_query("SELECT * FROM AccountsTable WHERE username=" . $username); while($row = mysql_fetch_array($result)) { if (row['password'] == $password) echo "Correct password!"; } mysql_close($con); ?>
- 14 Jun. 2010 02:26pm #5
I got it t
rk, but i did it much more sloppy, I'll borrow your code and use it as an example, thanks!
- 14 Jun. 2010 02:28pm #6
mycode
Code:$result = mysql_query("SELECT username FROM Users WHERE username = '$username'"); $result2 = mysql_query("SELECT password FROM Users WHERE password = '$password'"); if(mysql_num_rows($result) !== 0) { if(mysql_num_rows($result2) !== 0) { echo "You have sucessfully logged on!"; } else { echo "Invalid username or password!"; } } else { echo "This username does not exsist"; } } ?>Last edited by HTML; 14 Jun. 2010 at 02:30pm.
- 14 Jun. 2010 02:46pm #7
I don't recommend making two requests to MySQL. If you have a big database, it will consume too many resources just for the login script. Make a single request and get all of the user data in that single request. Then compare passwords, simple as that.
Reply With Quote